
Re: The harden-*flaws packages.

On Mon, Sep 02, 2002 at 06:28:44PM +0200, Javier Fernández-Sanguino Peña wrote:
> On Mon, Sep 02, 2002 at 05:13:51PM +0200, Ola Lundqvist wrote:
> > 
> > Now we just have to solve the upload-to-security problem, or simply
> > write some other check that scans the security.d.o web pages and
> > make clever things of it. Maybe using tiger, maybe some other things. But
> > because tiger can do similar things that might be useful.
> > 
> It's in my todo list. Now DSAs are much easier to parse. Some older DSAs
Nice (that it is on your todo list).

> (pre-1999) might need special parsing however. Also, DSAs could be improved to add

The really old ones are probably not valid because this kind of check will
be added to a release where such packages simply cannot be held back.

> an 'affected versions' tag (currently only the package name is provided, you can
> infer the affected versions by looking at the versions which *fix* the vulnerability).

Most of the time it is not that easy to know each and every version that is
affected so inferring is probably the way to go. Do you want help with this
and do you have anything for a starter?


// Ola

> 	Javi

 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Björnkärrsgatan 5 A.11   \
|  opal@lysator.liu.se                 584 36 LINKÖPING         |
|  +46 (0)13-17 69 83                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
